Confidential issues (FREE)

Confidential issues are issues visible only to members of a project with sufficient permissions. Confidential issues can be used by open source projects and companies alike to keep security vulnerabilities private or prevent surprises from leaking out.

Make an issue confidential

You can make an issue confidential when you create or edit an issue.

In a new issue

When you create a new issue, a checkbox right below the text area is available to mark the issue as confidential. Check that box and select Create issue to create the issue.

When you create a confidential issue in a project, the project becomes listed in the Contributed projects section in your profile. Contributed projects does not show information about the confidential issue; it only shows the project name.

To create a confidential issue:

  1. On the left sidebar, at the top, select Search GitLab ({search}) to find your project.
  2. On the left sidebar, at the top, select Create new... ({plus}).
  3. From the dropdown list, select New issue.
  4. Complete the fields.
    • Select the This issue is confidential... checkbox.
  5. Select Create issue.

In an existing issue

To change the confidentiality of an existing issue:

  1. On the left sidebar, at the top, select Search GitLab ({search}) to find your project.
  2. Select Plan > Issues.
  3. Select the title of your issue to view it.
  4. On the right sidebar, next to Confidentiality, select Edit.
  5. Select Turn on (or Turn off to make the issue non-confidential).

Alternatively, you can use the /confidential quick action.

Who can see confidential issues

When an issue is made confidential, only users with at least the Reporter role for the project have access to the issue. Users with Guest or Minimal roles can't access the issue even if they were actively participating before the change.

Confidential issue indicators

Confidential issues are visually different from regular issues in a few ways. In the issues index page view, you can see the confidential ({eye-slash}) icon next to the issues that are marked as confidential:

Confidential issues index page

If you don't have enough permissions, you cannot see confidential issues at all.

Likewise, while inside the issue, you can see the confidential ({eye-slash}) icon right next to the issue number. There is also an indicator in the comment area that the issue you are commenting on is confidential.

Confidential issue page

There is also an indicator on the sidebar denoting confidentiality.

Confidential issue Not confidential issue
Sidebar confidential issue Sidebar not confidential issue

Every change from regular to confidential and vice versa, is indicated by a system note in the issue's comments:

  • {eye-slash} The issue is made confidential.
  • {eye} The issue is made public.

Confidential issues system notes

Merge requests for confidential issues

Although you can create confidential issues (and make existing issues confidential) in a public project, you cannot make confidential merge requests. Learn how to create merge requests for confidential issues that prevent leaks of private data.

Permissions and access to confidential issues

Access to confidential issues is by one of two routes. The general rule is that confidential issues are visible only to members of a project with at least the Reporter role.

However, a user with the Guest role can create confidential issues, but can only view the ones that they created themselves.

Users with the Guest role or non-members can read the confidential issue if they are assigned to the issue. When a Guest user or non-member is unassigned from a confidential issue, they can no longer view it.

Confidential issues are hidden in search results for unprivileged users. For example, here's what a user with the Maintainer role and the Guest role sees in the project's search results:

Maintainer role Guest role
Confidential issues search by maintainer Confidential issues search by guest

Related topics